They are not that much different and all based on presentation slides.

Method advantages:
- It is relatively new;
- Can execute payload from memory (fileless);
- Zombified target process has a legitimate look;
- It is a Windows design feature, not a bug or vulnerability, not in NTFS, not in the loader; nothing to fix here;
- Doesn't require admin privileges to execute.

I didn't test it with any of the crapware AVs available on the market and don't even want to download them, so I cannot confirm or deny any of the "undetectable" claims from these slides. If someone wants to test some AVs, feel free to do so.